b'                                        SOCIAL SECURITY\n\nMEMORANDUM\n\nDate:      May 2, 2008                                               Refer To:\n\nTo:        The Commissioner\n\nFrom:      Inspector General\n\nSubject:   Performance Indicator Audit: Earnings Information (A-15-07-17126)\n\n\n           We contracted with PricewaterhouseCoopers, LLP (PwC) to evaluate 13 of the Social\n           Security Administration\xe2\x80\x99s (SSA) performance indicators established to comply with the\n           Government Performance and Results Act. Attached is the final report presenting the\n           results of two of the performance indicators PwC reviewed. For the performance\n           indicators included in this audit, PwC\xe2\x80\x99s objectives were to:\n           \xe2\x80\xa2   Assess the effectiveness of internal controls and test critical controls over data\n               generation, calculation, and reporting processes for the specific performance\n               indicator.\n           \xe2\x80\xa2   Assess the overall reliability of the performance indicator\xe2\x80\x99s computer processed\n               data. Data are reliable when they are complete, accurate, consistent and not\n               subject to inappropriate alteration.\n           \xe2\x80\xa2   Test the accuracy of results presented and disclosed in SSA\xe2\x80\x99s Fiscal Year 2006 and\n               2007 Performance and Accountability Reports.\n           \xe2\x80\xa2   Assess if the performance indicator provides a meaningful measurement of the\n               program it measures and the achievement of its stated objective.\n\n           This report contains the results of the audit for the following indicators.\n\n           \xe2\x80\xa2   Issue annual SSA-initiated Social Security Statements to eligible individuals age\n               25 and older.\n           \xe2\x80\xa2   Remove 3 percent of the earnings items that remain in the Earnings Suspense File\n               for a new tax year and post the earnings to the correct earnings records.\n\x0cPage 2 \xe2\x80\x93 The Commissioner\n\n\nPlease provide within 60 days a corrective action plan that addresses each\nrecommendation. If you wish to discuss the final report, please call me or have your\nstaff contact Steven L. Schaeffer, Assistant Inspector General for Audit, at\n(410) 965-9700.\n\n\n\n\n                                                  Patrick P. O\xe2\x80\x99Carroll, Jr.\n\nAttachment\n\x0c           OFFICE OF\n    THE INSPECTOR GENERAL\n\nSOCIAL SECURITY ADMINISTRATION\n\n\n  PERFORMANCE INDICATOR AUDIT:\n      EARNINGS INFORMATION\n\n     May 2008    A-15-07-17126\n\n\n\nAUDIT REPORT\n\x0c                                    Mission\nBy conducting independent and objective audits, evaluations and investigations,\nwe inspire public confidence in the integrity and security of SSA\xe2\x80\x99s programs and\noperations and protect them against fraud, waste and abuse. We provide timely,\nuseful and reliable information and advice to Administration officials, Congress\nand the public.\n\n                                   Authority\nThe Inspector General Act created independent audit and investigative units,\ncalled the Office of Inspector General (OIG). The mission of the OIG, as spelled\nout in the Act, is to:\n\n  \xef\x81\xad Conduct and supervise independent and objective audits and\n    investigations relating to agency programs and operations.\n  \xef\x81\xad Promote economy, effectiveness, and efficiency within the agency.\n  \xef\x81\xad Prevent and detect fraud, waste, and abuse in agency programs and\n    operations.\n  \xef\x81\xad Review and make recommendations regarding existing and proposed\n    legislation and regulations relating to agency programs and operations.\n  \xef\x81\xad Keep the agency head and the Congress fully and currently informed of\n    problems in agency programs and operations.\n\n  To ensure objectivity, the IG Act empowers the IG with:\n\n  \xef\x81\xad Independence to determine what reviews to perform.\n  \xef\x81\xad Access to all information necessary for the reviews.\n  \xef\x81\xad Authority to publish findings and recommendations based on the reviews.\n\n                                     Vision\nWe strive for continual improvement in SSA\xe2\x80\x99s programs, operations and\nmanagement by proactively seeking new ways to prevent and deter fraud, waste\nand abuse. We commit to integrity and excellence by supporting an environment\nthat provides a valuable public service while encouraging employee development\nand retention and fostering diversity and innovation.\n\x0cMEMORANDUM\n\n\nDate:      April 24, 2008\n\nTo:        Inspector General\n\nFrom:      PricewaterhouseCoopers, LLP\n\nSubject:   Performance Indicator Audit: Earnings Information (A-15-07-17126)\n\n\nOBJECTIVE\nThe Government Performance and Results Act (GPRA) 1 of 1993 requires that the\nSocial Security Administration (SSA) develop performance indicators that assess the\nrelevant service levels and outcomes of each program activity. 2 GPRA also calls for a\ndescription of the means employed to verify and validate the measured values used to\nreport on program performance. 3\n\nOur audit was conducted in accordance with generally accepted government auditing\nstandards for performance audits. For the performance indicators included in this audit,\nour objectives were to:\n\n1. Assess the effectiveness of internal controls and test critical controls over the data\n   generation, calculation, and reporting processes for the specific performance\n   indicator.\n\n2. Assess the overall reliability of the performance indicator\xe2\x80\x99s computer processed\n   data. Data are reliable when they are complete, accurate, consistent and are not\n   subject to inappropriate alteration. 4\n\n3. Test the accuracy of results presented and disclosed in the Fiscal Year (FY) 2006\n   and 2007 Performance and Accountability Reports (PAR).\n\n4. Assess if the performance indicator provides a meaningful measurement of the\n   program it measures and the achievement of its stated objective.\n\n\n1\n Public Law Number 103-62, 107 Stat. 285 (codified as amended in scattered sections of 5 United States\nCode (U.S.C.), 31 U.S.C. and 39 U.S.C.).\n2\n    31 U.S.C. \xc2\xa7 1115(a)(4).\n3\n    31 U.S.C. \xc2\xa7 1115(a)(6).\n4\n Government Accountability Office (GAO), GAO-03-273G, Assessing Reliability of Computer Processed\nData, October 2002, p. 3.\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                                    1\n\x0cBACKGROUND\nWe audited the following performance indicators as stated in the SSA FY 2006 or 2007\nPAR: 5\n\n    Performance Indicator                             Goal                    Reported Results\n    Issue annual SSA-initiated Social                 FY 2007                 FY 2007 Actual\n    Security Statements [Statement] to                100%                    100%\n    eligible individuals age 25 and older. 6\n    Remove 3 percent of the earnings items            FY 2006                 FY 2006 Actual\n    that remain in the Earnings Suspense File         3%                      1%\n    (ESF) for a new tax year and post the\n    earnings to the correct earnings records. 7\n\nSSA administers the Old-Age and Survivors Insurance (OASI), Disability Insurance (DI),\nand Supplemental Security Income (SSI) programs. The OASI program, authorized by\nTitle II of the Social Security Act (Act), provides income for eligible workers and eligible\nmembers of their families and survivors. 8 The DI program, also authorized by Title II of\nthe Act, provides income for eligible workers with qualifying disabilities and eligible\nmembers of their families before those workers reach retirement age. 9 The SSI\nprogram, authorized by Title XVI of the Act, was designed as a needs-based program to\nprovide or supplement the income of aged, blind, and/or disabled individuals with limited\nincome and resources. 10\n\nWidely considered the Nation\'s most successful domestic Federal program, Social\nSecurity provides a basic level of protection to all covered workers based on their past\nearnings. 11 Because of the importance of the earnings records, SSA management\ncontinuously strives to improve the integrity of earnings information. The two indicators\nreviewed and discussed in this report measure management\'s ongoing efforts to ensure\nthe accuracy of earnings record information retained by SSA.\n\nFor several years, SSA has been issuing annual Statements to eligible individuals.\nThese Statements are provided to improve communications with the public and improve\n5\n The period of review for indictor, "Remove 3 percent of the earning items that remain in the Earning\nSuspense File (ESF) for a new tax year and post the earning to the correct earning records," was\nFY 2006. The period of review for indicator, "Issue annual SSA-initiated Social Security Statements to\neligible individuals age 25 and older," was FY 2007.\n6\n    SSA PAR, FY 2007, p. 86.\n7\n    SSA PAR, FY 2006, p. 100.\n8\n    The Social Security Act \xc2\xa7\xc2\xa7 201-234, 42 U.S.C. \xc2\xa7\xc2\xa7 401-434.\n9\n    Id.\n10\n     The Social Security Act \xc2\xa7\xc2\xa7 1601-1637, 42 U.S.C. \xc2\xa7\xc2\xa7 1381-1383f.\n11\n     SSA PAR, FY 2006, p. 11.\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                                        2\n\x0cthe accuracy of earnings information retained by SSA. SSA provides the Statements in\ntwo ways.\n\n1. "To all eligible individuals (Social Security Number [SSN] holders age 25 and older\n   who are not yet in benefit status and for whom SSA can determine a current mailing\n   address)," 12 and\n2. At any time to workers of any age who request them.\n\nThe Statement is a record of the earnings on which individuals have paid Social\nSecurity taxes during working years and a summary of the estimated benefits the\nindividuals and their families may receive as a result of those earnings. SSA intends for\nthe Statements to be used in several ways, including identification of earnings mistakes\nby the individuals receiving the Statements.\n\nSSA receives Wage and Tax Statements (W-2) from employers and self-employment\nearnings from the Internal Revenue Service (IRS). The annual earnings posting cycle\nfor receiving and validating these data, including identifying and posting corrections, is\napproximately 2 years. SSA receives approximately 250 million earnings records\nannually and attempts to match these earnings records against the master record of all\nissued SSNs. Without a match, SSA is unable to post the reported earnings to the\nappropriate record, and these earnings are placed in the ESF.\n\nRecords are posted to the ESF for a number of reasons, including:\n\n\xe2\x80\xa2      Earnings records fail the name and SSN validation test.\n\xe2\x80\xa2      Earnings records consist of invalid SSNs.\n\xe2\x80\xa2      SSA records indicate that the individual is under age 7. These records are assigned\n       a special indicator of Young Children\'s Earnings (YCER).\n\xe2\x80\xa2      SSA records indicate the individual is deceased. These records are assigned a\n       special indicator of Earnings After Death (EAD).\n\xe2\x80\xa2      An individual informs SSA that posted earnings are erroneous.\n\nSSA management told us that approximately 10 percent of the received earnings\nrecords do not initially match SSA data. SSA has developed several computerized\nmatching processes to correct these suspended records and is typically able to match\n64 percent (16 million) of the initially suspended records. As a result, approximately\n9 million unmatched or suspended records are added to the ESF each year. The ESF\ncontains over 250 million suspended records.\n\nRESULTS OF REVIEW\nWe did not identify any significant findings related to the internal controls, data reliability,\nmeaningfulness, accuracy of presentation, or disclosure of the information for the\nindicator "Issue annual SSA-initiated Social Security Statements to eligible individuals\nage 25 and older."\n\n12\n     Id. p. 87.\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                             3\n\x0cHowever, our assessment revealed areas for improvement related to internal controls,\ndata reliability, and the accuracy and completeness of the results presented and\ndisclosed in the PAR for the indicator "Remove 3 percent of the earnings items that\nremain in the Earnings Suspense File (ESF) for a new tax year and post the earnings to\nthe correct earnings records." We also noted that previously reported internal control\nweaknesses related to this indicator had not been remediated by the Agency.\n\nIssue annual SSA-initiated Social Security Statements to eligible individuals age\n25 and older\n\nIndicator Background\n\nIn line with improving the public\'s knowledge of Social Security programs is the\nissuance of the Statement. The Statement informs workers of their posted earnings for\neach year, provides Old-Age, Survivors and Disability Insurance (OASDI) benefits\nestimates, and provides valuable information about Social Security programs and\nservices. The Statement allows workers to ensure the accuracy of SSA\'s information\nregarding their earnings and better plan for their financial future. 13\n\nThe Agency is required to be in compliance with section 1143 of the Act, 14 which\nmandates the issuance of Statements to individuals age 25 and older who are not yet in\nbenefit status and for whom SSA can determine a current mailing address. This allows\nSSA to educate workers and help them begin planning for retirement earlier by\nproviding them with estimated future benefit payments. The Agency established this\nperformance indicator to highlight the importance of providing this service.\n\nSSA produces Statements using weekly and daily operations. The weekly operation is\nas follows.\n\n\xe2\x80\xa2      A file is created based on a query of the Numident for individuals who are 25 or older\n       and are not deceased.\n\xe2\x80\xa2      This file is cross-referenced against the Personal Earnings and Benefit Estimate\n       Statement (PEBES) data file for individuals who have received statements within\n       1 year. If a match is found, the individual will not receive a second statement.\n\xe2\x80\xa2      The file is next compared against the Master Beneficiary Record (MBR) and Claims\n       Control file to determine whether the individual is receiving benefits or has a claim\n       pending. If this condition occurs, the individual will not receive a statement.\n\xe2\x80\xa2      Finally, the individuals\' addresses are obtained from the Internal Revenue Service or\n       a Territory File. 15\n\n\n\n\n13\n     Id, p. 86.\n14\n     42 U.S.C. \xc2\xa7 1320b-13.\n15\n     SSA obtains addresses for individuals living in U.S. Territories from taxpayer files in those locations.\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                                               4\n\x0cAfter successful completion of the weekly operation, the Statement information is run\nthrough a daily operation that includes the following.\n\n\xe2\x80\xa2     The file is checked for multiple SSNs and current claim benefits.\n\xe2\x80\xa2     The individuals\' earnings information and insured status is obtained from the Master\n      Earnings File (MEF). SSA works to resolve any errors noted with the earnings\n      records.\n\xe2\x80\xa2     The individuals\' benefit estimates are calculated.\n\xe2\x80\xa2     The individuals\' Statements are transmitted for printing. If an exception in the\n      Statement occurs, it is sent to the Target Notice Architecture for resolution.\n\xe2\x80\xa2     An SSA contractor prints and mails the Statements.\n\nThe purpose of this indicator is to "\xe2\x80\xa6ensure that all eligible individuals are issued an\nannual Social Security Statement as required by law." 16 However, it should be noted\nthat SSA is not able to confirm receipt of these Statements by the eligible individuals,\nonly that the Statements were sent. An OIG review found that Statements were being\nreturned to SSA as undeliverable. 17 OIG also suggested that SSA should consider\nallowing access to the Statement on-line for those individuals who would like the\nopportunity to obtain and view a Statement on-line.\n\nThe calculation is performed by dividing the total number of Statements that are initiated\nby SSA (SSA-Initiated Personal Earnings and Benefit Estimate Statement [SIPEBES])\nissued during the FY by the total number of SIPEBES required to be sent by law during\nthe FY.\n\nPerformance Indicator Calculation\n\n                                                      Total number of SIPEBES issued during\n Percentage of SSA-Initiated Social                   the fiscal year\n Security Statements to Eligible                =     Total number of SIPEBES required to be\n Individuals Age 25 and Older                         sent by law during the fiscal year\n Issued\n\n\nFindings\n\nWe did not identify any significant findings related to the internal controls, data reliability,\naccuracy of presentation, meaningfulness, or disclosure of the information related to this\nindicator contained in the FY 2007 PAR.\n\n\n\n\n16\n     SSA PAR FY 2007, p. 86.\n17\n  The Social Security Administration\xe2\x80\x99s Ability to Reach Individuals Using the Social Security Statement\n(A-15-07-17095).\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                                         5\n\x0cRemove 3 percent of the earnings items that remain in the Earnings Suspense\nFile (ESF) for a new tax year and post the earnings to the correct earnings\nrecords\n\nIndicator Background\n\nThis indicator supports the Agency\'s objective of "Ensure the accuracy of earnings\nrecords so that eligible individuals can receive the proper benefits due them." 18\nEarnings are the primary basis for determining the amount of benefits payable to OASDI\nbeneficiaries. When an earnings report (W-2 or a report of self-employment income)\ncannot immediately be matched with an individual because of inconsistent identifying\ndata (name or SSN), the reported earnings are placed in the ESF until the Agency\nsucceeds in properly associating the earnings to the right individual.\n\nSSA\'s Offices of Quality Performance (OQP) and Systems continue to develop and\nimplement automated matching software to analyze the approximately 9 million records\nadded annually to the ESF. Using various algorithms, the software attempts to match\ninformation in the ESF with SSA\'s master record information. The matching software is\ntypically run against the ESF at the end of each tax reporting period. The result for this\nindicator is determined by comparing the number of items added to the ESF for a tax\nyear to the number of items later removed by the matching software, which is recorded\nin the Reinstates File. SSA had developed and implemented matching software with\nthe goal of reducing the ESF by 3 percent in the current year; however, in the FY 2006\nperformance period, the number of items removed from the ESF did not result in the\nanticipated success rate.\n\nAt the end of the fiscal year, OQP obtains a copy of the ESF and Reinstates Files from\nthe Office of Systems. OQP personnel count the number of items in the ESF for the tax\nyear. OQP personnel then count the number of Origin of Validation Reinstatement\n(OVR) codes of 40 and 45 in the Reinstates File (this indicates those items that were\nreinstated by the new procedures developed by OQP and the Office of Systems).\n\nThe calculation is performed by dividing the count of items noted with the codes of 40 or\n45 in the Reinstates File by the count of items in the ESF for the tax year under review\nplus the number of OVR codes of 40 or 45 in the Reinstates file. The result of this\ncalculation is multiplied by 100 to show the result as a percentage.\n\nPerformance Indicator Calculation\n\n                                     Total number of OVR codes 40 & 45\nPerformance                      =   (Total number of items in ESF + Total   X 100\n                                     number of OVR codes 40 & 45)\n\n\n\n\n18\n     SSA PAR, FY 2007, p. 100.\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                        6\n\x0cFindings\n\nSix members of OQP\xe2\x80\x99s programming staff and three operational personnel had the "All"\naccess designation (within the Top Secret security software) to the Reinstates File\ndataset used to calculate the indicator results. This level of access allows users to\ncreate, delete and modify any of the data (or datasets) contained in the datasets we\nreviewed. Therefore, the data used to calculate the performance indicator could be\ninappropriately modified and could impact the results of this performance indicator. This\nlevel of access prevents SSA from ensuring the integrity of these production data. By\nallowing programming personnel to have the "All" access designation, SSA is not\nconforming to Office of Management and Budget Circular A-130, Management of\nFederal Information Resources, Appendix III, Security of Federal Automated Information\nResources, principles of "least privilege" or segregation of duties. 19 Therefore, the data\ncannot be considered reliable since the access control issue created the potential for\ninappropriate alteration.\n\nFurther, we noted that the Reinstates File retains the most recent data and previous\nearnings records that were reinstated for the same individual are not included in the\nperformance indicator calculation of earnings records removed. Specifically, SSA does\nnot include counts that could not be validated and/or explained by the OQP process.\nSSA management could not determine the extent of the understatement. As a result,\nthe actual results of the performance indicator could not be completely and accurately\ncalculated.\n\nIn addition, SSA management did not maintain an independent copy of the ESF and\nReinstates File used to calculate this indicator. As a result, we were given the OQP\ncopy of the ESF and Reinstates File extracts for our recalculation testing. Because\narchives of the ESF and Reinstates File were not maintained and no copies of the\nextracts were maintained independently, we could not verify and validate that the\nextracts provided by OQP were accurate and complete.\n\nLastly, during our review of the narrative information contained in the PAR related to this\nperformance indicator, we identified an inconsistency between the data definition and\nthe stated FY 2006 indicator goal. The FY 2006 goal for this indicator was 3 percent;\nhowever, the second sentence of the data definition states, "The five percent reduction\nwill be achieved by using new matching routines developed by the Office of Quality\nPerformance (OQP) and Office of Systems." 20 Although the goal of this performance\nindicator was not met, this inconsistency could cause confusion for the users of the\nPAR.\n\nAs of February 25, 2008, SSA\'s Annual Performance Plan did not include this indicator\nas a performance measure.\n\n\n19\n   SSA is implementing the Standardized Security Profile Project to address the principle of \xe2\x80\x9cleast\nprivileged access\xe2\x80\x9d for users with access to mainframe datasets.\n20\n     SSA PAR, FY 2006, p. 100.\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                                     7\n\x0cCONCLUSION AND RECOMMENDATIONS\nThe indicator, \xe2\x80\x9cRemove 3 percent of the earnings items that remain in the Earnings\nSuspense File (ESF) for a new tax year and post the earnings to the correct earnings\nrecords,\xe2\x80\x9d is no longer included in SSA\'s Annual Performance Plan. However, if this or a\nsimilar indicator is reported in the future, as a best practice SSA should:\n\n\xe2\x80\xa2   Ensure the performance indicator titles, definitions, and goals presented in the PAR\n    are accurate and consistent.\n\n\xe2\x80\xa2   Disclose in the PAR the limitations within the ESF and Reinstates File that may have\n    resulted in the potential understatement of the results for these performance\n    indicators.\n\n\xe2\x80\xa2   Maintain an independent audit trail including the computer files used to perform the\n    calculations.\n\nIn addition, based on our testing, we recommend SSA:\n\n1. Restrict access to the OQP copies of the ESF and Reinstates File based on the\n   concept of least privilege access.\n\nAGENCY COMMENTS\nThe Agency agreed with our recommendation. However, based on technical comments\nprovided separately by SSA, we made a slight change to the wording of the\nrecommendation for clarity purposes. The Agency\xe2\x80\x99s comments are included in\nAppendix D.\n\n\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                          8\n\x0c                                            Appendices\nAPPENDIX A \xe2\x80\x93 Acronyms\n\nAPPENDIX B \xe2\x80\x93 Scope and Methodology\n\nAPPENDIX C \xe2\x80\x93 Process Flowcharts\n\nAPPENDIX D \xe2\x80\x93 Agency Comments\n\n\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)\n\x0c                                                                    Appendix A\nAcronyms\nAct                   Social Security Act\nDACUS                 Death Alert Control and Update System\nDI                    Disability Insurance\nEAD                   Earnings after Death\nESF                   Earnings Suspense File\nFY                    Fiscal Year\nGAO                   Government Accountability Office\nGPRA                  Government Performance and Results Act\nIRS                   Internal Revenue Service\nISSH                  Information System Security Handbook\nIST                   Intelligence Search Technology\nJFMIP                 Joint Financial Management Improvement Program\nMBR                   Master Beneficiary Record\nMEF                   Master Earnings File\nOASDI                 Old-Age, Survivors and Disability Insurance\nOASI                  Old-Age and Survivors Insurance\nOEEAAS                Office of Earnings, Enumeration, and Administrative Systems\nOMB                   Office of Management and Budget\nOQP                   Office of Quality Performance\nOVR                   Origin of Validation Reinstatement\nPAR                   Performance and Accountability Report\nPEBES                 Personal Earnings and Benefit Estimate Statement\nPwC                   PricewaterhouseCoopers\nSIPEBES               SSA-Initiated Personal Earnings and Benefit Estimate Statement\nSSA                   Social Security Administration\nSSI                   Supplemental Security Income\nSSN                   Social Security Number\nSSR                   Supplemental Security Record\nStatement             Social Security Statement\nU.S.C.                United States Code\nW-2                   Wage and Tax Statements\nYCER                  Young Children\'s Earnings\n\n\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)\n\x0c                                                                        Appendix B\nScope and Methodology\nWe updated our understanding of the Social Security Administration\xe2\x80\x99s (SSA)\nGovernment Performance and Results Act (GPRA) processes. This was completed\nthrough research and inquiry of SSA management. We also requested SSA provide\nvarious documents regarding the specific programs being measured as well as the\nspecific measurement used to assess the effectiveness and efficiency of the related\nprogram.\n\nThrough inquiry, observation, and other substantive testing, including testing of source\ndocumentation, we performed the following.\n\n\xe2\x80\xa2   Reviewed prior SSA, Government Accountability Office, Office of the Inspector\n    General and other reports related to SSA\xe2\x80\x99s GPRA performance and related\n    information systems.\n\xe2\x80\xa2   Reviewed applicable laws, regulations and SSA policy.\n\xe2\x80\xa2   Met with the appropriate SSA personnel to confirm our understanding of the\n    performance indicators.\n\xe2\x80\xa2   Flowcharted the processes (see Appendix C).\n\xe2\x80\xa2   Tested key controls related to manual or basic computerized processes (for\n    example, spreadsheets, databases, etc.).\n\xe2\x80\xa2   Conducted and evaluated tests of the manual controls within and surrounding each\n    of the critical applications to determine whether the tested controls were adequate to\n    provide and maintain reliable data to be used when measuring the specific\n    indicators.\n\xe2\x80\xa2   Identified attributes, rules, and assumptions for each defined data element or source\n    document.\n\xe2\x80\xa2   Recalculated the metrics or algorithms of the performance indicators to ensure\n    mathematical accuracy.\n\xe2\x80\xa2   Assessed the completeness and accuracy of the data to determine the data\'s\n    reliability as they pertain to the objectives of the audit and intended use of the data.\n\nAs part of this audit, we documented our understanding, as conveyed to us by Agency\npersonnel, of the alignment of the Agency\xe2\x80\x99s mission, goals, objectives, processes, and\nrelated performance indicators. We analyzed how these items interacted with related\nprocesses within SSA and the existing measurement systems. Our understanding of\nthe Agency\xe2\x80\x99s mission, goals, objectives, and processes were used to determine if the\nperformance indicators appear to be valid and appropriate given our understanding of\nSSA\xe2\x80\x99s mission, goals, objectives and processes.\n\nWe followed all performance audit standards in accordance with generally accepted\ngovernment auditing standards.\n\n\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                       B-1\n\x0cIn addition to these steps, we specifically performed the following to test the indicators\nincluded in this report.\n\nSpecific to the performance indicator, "Issue annual SSA-initiated Social Security\nStatements to eligible individuals age 25 and older"\n\n\xe2\x80\xa2    Inspected relevant policies and procedures as necessary.\n\xe2\x80\xa2    Reviewed the extraction codes including the elimination process for the NUMIDENT,\n     Personal Earnings and Benefit Estimate Statement, Master Beneficiary Record\n     (MBR) and Territory Address Files.\n\xe2\x80\xa2    Reviewed access to extraction files to ensure personnel did not have direct dataset\n     access.\n\xe2\x80\xa2    Verified automated codes by conducting data analysis over the MBR, Supplemental\n     Security Record (SSR) and Death Alert Control and Update System (DACUS) data\n     to ensure edits were meeting the required criteria and were working properly.\n\xe2\x80\xa2    Selected a sample of 45 Social Security numbers (SSN) from the NUMIDENT\n     segment and verified statements were sent or had met extraction criteria.\n\xe2\x80\xa2    Selected a sample of 45 history records transmitted for printing and verified PEBES\n     history file was updated.\n\nSpecific to the performance indicator, "Remove 3 percent of the earnings items\nremaining in the Earning Suspense File (ESF) for a new tax year and post the\nearnings to the correct earnings records"\n\n\xe2\x80\xa2    Inspected relevant policies and procedures as necessary.\n\xe2\x80\xa2    Reviewed relevant documentation for the sources of the data included on the ESF\n     and the Reinstates File, the matching routines for suspended records and the\n     process for reinstating those records to the Master Earnings File (MEF).\n\xe2\x80\xa2    Reviewed the process for controlling access to the ESF and Reinstates File and\n     tested the appropriateness of the access privileges granted to the Reinstates File\n     and ESF for a selection of SSA personnel.\n\xe2\x80\xa2    Sampled 45 lead 1 SSNs to verify corresponding MEF, NUMIDENT, and Intelligence\n     Search Technology score data were correctly assigned.\n\xe2\x80\xa2    Reviewed counts for matching routines to verify SSNs were assigned appropriate\n     codes during phase matching routines.\n\xe2\x80\xa2    Recalculated the results of the performance indicator by obtaining a copy of the\n     Reinstates File and ESF extracts and determining the number of records that were\n     posted to the Reinstates File from Calendar Year 2002 based on Office of Quality\n     Performance matching processes and ESF records from Calendar Year 2002.\n\n\n\n\n1\n    A lead SSN is the SSN being tested for a match and thereby removed from the ESF.\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                        B-2\n\x0c                                                                                                            Appendix C\nProcess Flowcharts\n\nIssue Annual Social Security Administration-Initiated\nSocial Security Statements to Eligible Individuals Age 25\nand Older - Flowchart\n   Weekly Operation                            Daily Operation\n                                               Combine records with\n    Select by age range                        Multiple Social Security\n     (>= 25 years), and        NUMIDENT        Numbers (SSNs) and,\n      no death record                           re-check for claim,\n                                                       benefits\n\n                                                                                          Master\n                                                                                       Earnings File\n                                                                                          (MEF)\n\n    Eliminate if received\n   Personal Earnings and                       Obtain Earnings Record\n     Benefits Estimate        PEBES History    and Determine insured\n    Statement (PEBES)                                  status\n        within 1 year\n\n                                                                                      Resolve Earnings\n                                                                                      Record Problem\n\n\n\n                              Master Benefit      Calculate Benefit\n                              Record (MBR)           Estimates\n\n    Eliminate if receiving\n    benefits or if claim is\n          pending\n                                                Save History Record,\n                                                Transmit for Printing,                                            Social Security\n                                                                                     Printing and Mailing        Statements Sent\n                              Claims Control     Send Exceptions to\n                                                                                          Contractor\n                                                   Target Notice\n                                                    Architecture\n\n\n\n\n                                                                                       Executive\n                                                                                     Management\n                                Territory\n                                                                                      Information\n                               Addresses\n                                                                                        System\n     Obtain Taxpayer\n  Addresses from Internal\n     Revenue Service\n   (IRS) / Territory File\n\n                                   IRS                                                                              Reporting of\n                                                                           Total number of Statements issued        Performance\n                                                                          Total number of Statements estimated       Measure in\n                                                                                                                  Performance and\n                                                                                                                   Accountability\n                                                                                                                   Report (PAR)\n\n\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                                                                   C-1\n\x0cIssue Annual Social Security Administration-Initiated\nSocial Security Statements to Eligible Individuals Age 25\nand Older - Narrative\n   \xe2\x80\xa2   The following occurs during the weekly operation.\n          o Select names by age range (>= 25 years) and no death record from the\n              NUMIDENT.\n          o Eliminate if received Personal Earnings and Benefit Estimate Statement\n              (PEBES) within 1 year - input is received from the PEBES file to complete.\n          o Eliminate if receiving benefits or if claim is pending within one year.\n              Determined through input from the Master Beneficiary Record (MBR) and\n              Claims Control file.\n          o Obtain taxpayer addresses from Internal Revenue Service or Territory\n              Files.\n\n   \xe2\x80\xa2   The following occurs during the daily operation.\n          o Combine records with multiple Social Security numbers (SSN) and re-\n              check for claim benefits.\n          o Obtain earnings record and determine insured status from the Master\n              Earnings File (MEF).\n          o Resolve earnings record problems.\n          o Calculate benefit estimates.\n          o Save history record, transmit for printing; send exceptions to Target Notice\n              Architecture.\n          o Send information to the printing and mailing contractor.\n          o Social Security Statements are sent.\n          o Executive Management Information System updated.\n          o Reporting of performance measure results in the Performance and\n              Accountability Report (PAR).\n\n\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                    C-2\n\x0cRemove 3 Percent of the Earnings Items That Remain in the\nEarnings Suspense File (ESF) for a New Tax Year and Post\nthe Earnings to the Correct Earnings Records \xe2\x80\x93 Flowchart 1\n        Office of Quality\n          Performance\n        (OQP) receives\n       copy of suspense\n       file from Office of\n             Systems\n\n\n\n\n    OQP creates snapshot\n    copy of suspense file.\n\n     Note: There is a 4 year\n    lag between the tax year\n       and year calculated\n\n\n\n\n        OQP separates\n        suspense items\n          into buckets\n\n\n\n\n     Assign unique control\n     numbers and Obtain                     OQP creates                       OQP creates                        OQP creates\n       Numident/Master                    snapshot copy of                  snapshot copy of                    Alphadent File\n      Earnings File (MEF)                  Reinstate Files                   Reinstate Files                    from Numident\n        characteristics\n\n\n                                                                       Perform matching routine\n       Perform matching                  Perform matching                     (phase 7)                        Perform matching\n       routine (phase 5)                 routine (phase 6)                                                     routine (phase 8)\n                                                                        Match Suspense Name to\n     Lead Social Security                 Match Suspense                  Reported Name and                    Match Suspense\n       Number (SSN) =                     SSN to Reported                 Suspense Employer                   name to Alphadent\n       Suspense SSN                            SSN                     Identification Number (EIN)                 names\n                                                                             to Reported EIN\n\n\n\n\n       OQP loads focus\n         database with\n        lead SSN data\n        characteristics\n\n\n\n\n            Focus\n           database\n\n\n\n\n           Decision tree                                                                             Office of Systems assigns\n                                         Load Postit Focus                 OQP creates\n       program executed                                                                                  Origin of Validation\n                                           database with                  CRKver file and\n       to identify the lead                                                                          Reinstatement (OVR) code\n                                          Suspense and                   sends to Office of\n         SSNs that meet                                                                              40 & 45 to items posted by\n                                          Lead SSN data                      Systems\n          testing criteria                                                                                      OQP\n\n\n                                                                                                                          Reporting of \xe2\x80\x98Remove 3 percent of\n                                                                                                                          the earnings items that remain in\n                                                                                                         Result\n                                                                                                                          the Earnings Suspense File (ESF)\n                                                  Total number of OVR code 40 & 45           _        multiplied by\n                                                                                                                          for a new tax year and post the\n                              Total number of items in ESF + Total number of OVR code 40 & 45         100 to reflect\n                                                                                                                          earnings to the correct earnings\n                                                                                                      a percentage\n                                                                                                                          records\xe2\x80\x99 in the Performance and\n                                                                                                                          Accountability report.\n\n\n\n\n1\n  This process describes the calculation of the performance measure. It does not include how earnings\nitems are posted to the ESF.\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                                                                                             C-3\n\x0cRemove 3 Percent of the Earnings Items That Remain in\nthe Earnings Suspense File (ESF) for a New Tax Year and\nPost the Earnings to the Correct Earnings Records \xe2\x80\x93\nNarrative\n\n   \xe2\x80\xa2   Office of Quality Performance (OQP) receives copy of suspense file from Office\n       of Systems.\n   \xe2\x80\xa2   OQP creates snapshot copy of suspense file. Note: There is a four year lag\n       between the tax year and year calculated.\n   \xe2\x80\xa2   OQP separates suspense items into categories.\n   \xe2\x80\xa2   OQP assigns unique control numbers and obtains NUMIDENT and MEF\n       characteristics.\n   \xe2\x80\xa2   OQP creates snapshot copy of Reinstate Files.\n   \xe2\x80\xa2   OQP creates ALPHADENT file from the NUMIDENT.\n   \xe2\x80\xa2   Perform matching routine (Phase 5). Lead Social Security Number (SSN) =\n       Suspense SSN.\n   \xe2\x80\xa2   Perform matching routine (Phase 6). Match Suspense SSN to Reported SSN.\n   \xe2\x80\xa2   Perform matching routine (Phase 7). Match Suspense Name to Reported Name\n       and Suspense Employer Identification Number (EIN) to Reported EIN.\n   \xe2\x80\xa2   Perform matching routine (Phase 8). Match Suspense name to ALPHADENT\n       names.\n   \xe2\x80\xa2   OQP loads focus database with lead SSN data characteristics.\n   \xe2\x80\xa2   Decision tree program executed to identify the lead SSNs that meet testing\n       criteria.\n   \xe2\x80\xa2   Load Postit Focus database with Suspense and Lead SSN data.\n   \xe2\x80\xa2   OQP creates CRKver file and sends to Office of Systems.\n   \xe2\x80\xa2   Office of Systems assigns Origin of Validation Reinstatement (OVR) codes 40\n       and 45 to items posted by OQP.\n   \xe2\x80\xa2   OQP uses the count of items noted with the code of 40 or 45 in the Reinstates\n       file and divides this number by the count of items in the Earnings Suspense File\n       (ESF) for the tax year under review, plus the number of OVR codes of 40 or 45 in\n       the Reinstates file.\n   \xe2\x80\xa2   The result of this calculation is multiplied by 100 to show the result as a\n       percentage.\n   \xe2\x80\xa2   Reporting of \xe2\x80\x98Remove 3 percent of the earnings items that remain in the ESF for\n       a new tax year and post the earnings to the correct earnings records\xe2\x80\x99 in the\n       Performance and Accountability Report.\n\n\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                   C-4\n\x0c                                                                    Appendix D\nAgency Comments\n\n\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)\n\x0c                                         SOCIAL SECURITY\n\nMEMORANDUM\n\n\nDate:      April 24, 2008                                                        Refer To: S1J-3\n\nTo:        Patrick P. O\'Carroll, Jr.\n           Inspector General\n\nFrom:      David V. Foster /s/\n           Chief of Staff\n\nSubject:   Office of the Inspector General (OIG) Draft Report, "Performance Indicator Audit: Earnings\n           Information\xe2\x80\x9d (A-15-07-17126)--INFORMATION\n\n\n           We appreciate OIG\xe2\x80\x99s efforts in conducting this review. Our comments regarding the draft report\n           and response to the recommendation are attached.\n\n           Please let me know if we can be of further assistance. Staff inquiries may be directed to\n           Ms. Candace Skurnik, Director, Audit Management and Liaison Staff, at (410) 965-4636.\n\n\n           Attachment\n\n\n\n\n           Performance Indicator Audit: Earnings Information (A-15-07-17126)                            D-1\n\x0cCOMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL\xe2\x80\x99S DRAFT REPORT,\n\xe2\x80\x9cPERFORMANCE INDICATOR AUDIT: EARNINGS INFORMATION\xe2\x80\x9d\n(A-15-07-17126)\n\nThank you for the opportunity to review and provide comments on this draft report. In the\nreport, you acknowledge that the performance indicator, \xe2\x80\x9cRemove 3 percent of the earnings\nitems that remain in the Earnings Suspense File (ESF) for a new tax year and post the earnings to\nthe correct earnings records,\xe2\x80\x9d is no longer included in our Annual Performance Plan. However,\nduring your review you identified three \xe2\x80\x9cbest practices\xe2\x80\x9d we should consider, such as: 1) ensure\nthe performance indicator titles, definitions, and goals presented in the Performance and\nAccountability Report (PAR) are accurate and consistent; 2) disclose in the PAR the limitations\nwithin the ESF and Reinstates File that may have resulted in the potential understatement of the\nresults for these performance indicators; and 3) maintain an independent audit trail including the\ncomputer files used to perform the calculations. We agree with these \xe2\x80\x9cbest practices\xe2\x80\x9d and will\nincorporate them if this, or a similar performance indicator, is reported in the future.\n\nRecommendation\n\nRestrict access to the ESF and Reinstates File based on the concept of least privilege access.\n\nComment\n\nWe agree. We are currently working on evaluating access utilizing the Standardized Security\nProfile Project (SSPP). As part of our execution of SSPP, we will review users\xe2\x80\x99 access to the\nfiles identified in this review and will reduce those users to \xe2\x80\x9cleast privilege\xe2\x80\x9d access. We expect\nto complete this task no later than September 2010.\n\n\n\n\nPerformance Indicator Audit: Earnings Information (A-15-07-17126)                                D-2\n\x0c                         Overview of the Office of the Inspector General\nThe Office of the Inspector General (OIG) is comprised of an Office of Audit (OA), Office of Investigations\n(OI), Office of the Chief Counsel to the Inspector General (OCCIG), Office of External Relations (OER), and\nOffice of Technology and Resource Management (OTRM). To ensure compliance with policies and procedures,\ninternal controls, and professional standards, the OIG also has a comprehensive Professional Responsibility and\nQuality Assurance program.\n                                                  Office of Audit\nOA conducts financial and performance audits of the Social Security Administration\xe2\x80\x99s (SSA) programs and\noperations and makes recommendations to ensure program objectives are achieved effectively and efficiently.\nFinancial audits assess whether SSA\xe2\x80\x99s financial statements fairly present SSA\xe2\x80\x99s financial position, results of\noperations, and cash flow. Performance audits review the economy, efficiency, and effectiveness of SSA\xe2\x80\x99s\nprograms and operations. OA also conducts short-term management reviews and program evaluations on issues\nof concern to SSA, Congress, and the general public.\n                                              Office of Investigations\nOI conducts investigations related to fraud, waste, abuse, and mismanagement in SSA programs and operations.\nThis includes wrongdoing by applicants, beneficiaries, contractors, third parties, or SSA employees performing\ntheir official duties. This office serves as liaison to the Department of Justice on all matters relating to the\ninvestigation of SSA programs and personnel. OI also conducts joint investigations with other Federal, State,\nand local law enforcement agencies.\n                        Office of the Chief Counsel to the Inspector General\nOCCIG provides independent legal advice and counsel to the IG on various matters, including statutes,\nregulations, legislation, and policy directives. OCCIG also advises the IG on investigative procedures and\ntechniques, as well as on legal implications and conclusions to be drawn from audit and investigative material.\nAlso, OCCIG administers the Civil Monetary Penalty program.\n                                        Office of External Relations\nOER manages OIG\xe2\x80\x99s external and public affairs programs, and serves as the principal advisor on news releases\nand in providing information to the various news reporting services. OER develops OIG\xe2\x80\x99s media and public\ninformation policies, directs OIG\xe2\x80\x99s external and public affairs programs, and serves as the primary contact for\nthose seeking information about OIG. OER prepares OIG publications, speeches, and presentations to internal\nand external organizations, and responds to Congressional correspondence.\n                           Office of Technology and Resource Management\nOTRM supports OIG by providing information management and systems security. OTRM also coordinates\nOIG\xe2\x80\x99s budget, procurement, telecommunications, facilities, and human resources. In addition, OTRM is the\nfocal point for OIG\xe2\x80\x99s strategic planning function, and the development and monitoring of performance\nmeasures. In addition, OTRM receives and assigns for action allegations of criminal and administrative\nviolations of Social Security laws, identifies fugitives receiving benefit payments from SSA, and provides\ntechnological assistance to investigations.\n\x0c'